b'DEPARTMENT OF HOMELAND SECURITY\n\n    Office of Inspector General\n\n  Evaluation of DHS\xe2\x80\x99 Security Program and \n\n  Practices For Its Intelligence Systems For \n\n              Fiscal Year 2008 \n\n\n            Unclassified Summary \n\n\n\n\n\nOIG-08-87                         August 2008\n                       1\n\x0c                                                                       U.S. Department of\n                                                                       Homeland Security\n                                                                       Washington, DC 20528\n\n\n\n\n                               Office of Inspector General\n               Evaluation of DHS\xe2\x80\x99 Security Program and Practices For Its\n                     Intelligence Systems For Fiscal Year 2008\n                                      OIG-08-87\n\n\nWe conducted an evaluation of the enterprise-wide security program and practices for the\nTop Secret/Sensitive Compartmented Information systems under the Department of\nHomeland Security\xe2\x80\x99s purview. According to the Federal Information Security\nManagement Act of 2002 requirements, our review focused on the department\xe2\x80\x99s security\nmanagement, implementation, and evaluation aspects of its intelligence activities,\nincluding the policies, procedures, and system security controls in place for its\nenterprise-wide intelligence systems. In doing so, we primarily assessed the\ndepartment\xe2\x80\x99s Plan of Action and Milestones, certification and accreditation, and incident\nreporting processes, as well as its security awareness training.\n\nThe objective of our evaluation was to determine whether the department is adequately\nand effectively protecting Top Secret/Sensitive Compartmented Information and the\nsystems that support the Department of Homeland Security\xe2\x80\x99s enterprise-wide intelligence\noperations and assets. Our independent evaluation focused on the department\xe2\x80\x99s\ninformation security program for its intelligence systems, at both the department level\nand at the organizational components. The organizational components included in our\nevaluation were the Intelligence and Analysis office and the United States Coast Guard.\n\nDuring Fiscal Year 2008, the department has made significant progress in establishing an\nenterprise-wide information security management program for its intelligence systems.\nThe department has compiled, updated, and maintained its enterprise-wide inventory of\nTop Secret/Sensitive Compartmented Information systems, as well as those systems that\nsupport an intelligence mission regardless of the classification. The department\xe2\x80\x99s\nenterprise-wide intelligence systems are certified and accredited in accordance with the\nDirector of Central Intelligence Directive 6/3. The department has accepted the\naccreditation of the U.S. Coast Guard intelligence system, which was previously certified\nand accredited by the U.S. Navy.\n\nSome management oversight and operational issues remain regarding the effectiveness of\nthe program. In addition, the department still needs to establish and implement a formal\ninformation systems\xe2\x80\x99 security education, training, and awareness program for employees\nwith significant responsibilities for the department\xe2\x80\x99s intelligence systems. Fieldwork was\nconducted from May through August 2008. (OIG-08-87, August 2008, IT)\n\x0cAdditional Information and Copies\nTo obtain additional copies of this report, call the Office of Inspector General\n(OIG) at (202) 254-4199, fax your request to (202) 254-4305, or visit the OIG\nweb site at www.dhs.gov/oig.\n\n\nOIG Hotline\n\nTo report alleged fraud, waste, abuse or mismanagement, or any other kind of \n\ncriminal or noncriminal misconduct relative to department programs or \n\noperations: \n\n\nCall our Hotline at 1-800-323-8603; \n\nFax the complaint directly to us at (202) 254-4292; \n\nEmail us at DHSOIGHOTLINE@dhs.gov; or \n\nWrite to us at: \n\n          DHS Office of Inspector General/MAIL STOP 2600, Attention:\n          Office of Investigations - Hotline, 245 Murray Drive, SW, Building\n          410, Washington, DC 20528.\n\nThe OIG seeks to protect the identity of each writer and caller.\n\x0c'